From patchwork Tue Dec 3 13:50:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892505 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D37911DF736 for ; Tue, 3 Dec 2024 13:48:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233723; cv=none; b=btT4tNlaaEcsuW0eb12H/6PO+7O44v3u41JJgoZSEmVtBiXV/TR/82nC5mgX62ZL6N0uGxl0OI1LecU6zNirkfeMlrRMQOJDiAhVbqZR3shbumlEIX6zNRnrRuB0c9Xo5Wo5pifSqNQzyR4O93smWBztJ8Jx+cAMOTr2gy50YqU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233723; c=relaxed/simple; bh=ABC2JinWNRiYAUq/CXOh/OLgohJEP7+NA7nwm8xGSZY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=QOWAkHtYvIZjdghMIGk2+eUZoxF3SqqoQtyzCUaQmzbEadi7fddQDVjSXMrOkdJF6fDGrhVxzwu8FLi6jDqzxWruxZJUAGMQ4Qn6aUY/AsIoPXjpLYO5+Pv+cX19N4RUxMjzs1mJY/57zmYMSN20Fohj4o0L5UTTOkX5nQHjdMA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=WW0VRdnX; arc=none smtp.client-ip=209.85.208.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="WW0VRdnX" Received: by mail-ed1-f52.google.com with SMTP id 4fb4d7f45d1cf-5cfddb70965so7006531a12.0 for ; Tue, 03 Dec 2024 05:48:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233720; x=1733838520; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8POyoFbCcEjSQD4RN/xYZaFrBV0KG5Ys0zmlrQNRb2c=; b=WW0VRdnXCmaDlBhGcRi86/K2B3zVQJGRYNCGJuHbTAe7DtxKUgxHq/IOFdarG40KnR kuH9ruRuvMqmzZiePW9tIuN8JKLPl5fxAhJfjoEPTKghERvYyKPLHZDE87S04mQy+XAG 7f5EffMwRLKDMC3UWu05Vu8sM5SLggwzpHMenq8Qd6wmi25GSDBNpZ8jd3jeVywoJ851 S0MI7Pkm0j1QV9WpyiVob6EDALCqrboDvGxzXzC2sJQYqXNpkOzIOu3YmZRUtkhlNO7E 4JKm6ulIjDHsD9xNtlLou9Q1HKY8AGCreTDk1/zq5tWAHnM/8VyGl7/k2I99r333QrFb ciEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233720; x=1733838520; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8POyoFbCcEjSQD4RN/xYZaFrBV0KG5Ys0zmlrQNRb2c=; b=T3kOefAUpmYuuYHOf2gkh1d1oir0laazNNgmFo4fUarR/5xuFQslSliR5xnYEN76sj pGQOy+cFc/5URBjHavb73FoAZrfxyXPPC3/S82me4ZEyPVgUbcmmQiaEdRuVoktplONP s/miHTKeQemr5t6qSmvDBHWVKW71HuvSqquLdKMPg4yrvMwtX5cS7Z9GQRKajhSWBtzY N5NPiwSUhkj619bsAojXwbe4k4H+J8knkmajE8sCjt1LjWSt+ojalm5hjECLPfpalQwj WAw0rf/pu6CjdnXedAtIEhNu5sCr5LMobuzg+L1S96KLn8TpwhEz8oGf2+9cL3oIH90w conA== X-Gm-Message-State: AOJu0YxtvcQvS0miJ6nrnJtWdB+168LyIuGwJDiZswArA4+DJZOKu7np nJ/cAKKFwwlmZBardPjZe+mnm+3rLWFq4BrXNNGV1t7Zm4cOMOeYRnEpVUeB3sDOnC+XdRct+p8 3 X-Gm-Gg: ASbGncvW4nl2eb2hTKmng4+TGGexkKKTOgUfFDiQ7eV95RmoSDnP5gb6vIuwWt9XId5 MOaxZT7RTB6BX6PibgCC6ySDa7/0Bf0esBeLaUULaC263WxMf163i4FThZGrokxJuAc4ffPFjNq bDcPIC96f0zw92DbtI+Uc3UBrzK3c11/HAWjqcoCraWC+LtIjQIdlLNYBOcOUqRySr6HlpTJtDJ NM9UqitgrZUI+egG0PJLHTclquzGvTGyh06VXHkD4RkOITUMs2XxkXjMFTHW1Q= X-Google-Smtp-Source: AGHT+IFrjh7MHle/eL72xN9s5rky90fLVur4AOblU8wYrLCMguRg+0nMba4Vxloe+XDXPO1xPZvryQ== X-Received: by 2002:a05:6402:13d0:b0:5d0:c098:5b with SMTP id 4fb4d7f45d1cf-5d10cb5bf42mr1984947a12.19.1733233719547; Tue, 03 Dec 2024 05:48:39 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:38 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov Subject: [PATCH v4 bpf-next 1/7] bpf: add a __btf_get_by_fd helper Date: Tue, 3 Dec 2024 13:50:46 +0000 Message-Id: <20241203135052.3380721-2-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add a new helper to get a pointer to a struct btf from a file descriptor. This helper doesn't increase a refcnt. Add a comment explaining this and pointing to a corresponding function which does take a reference. Signed-off-by: Anton Protopopov Acked-by: Andrii Nakryiko --- include/linux/bpf.h | 17 +++++++++++++++++ include/linux/btf.h | 2 ++ kernel/bpf/btf.c | 13 ++++--------- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index eaee2a819f4c..ac44b857b2f9 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2301,6 +2301,14 @@ void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu); struct bpf_map *bpf_map_get(u32 ufd); struct bpf_map *bpf_map_get_with_uref(u32 ufd); +/* + * The __bpf_map_get() and __btf_get_by_fd() functions parse a file + * descriptor and return a corresponding map or btf object. + * Their names are double underscored to emphasize the fact that they + * do not increase refcnt. To also increase refcnt use corresponding + * bpf_map_get() and btf_get_by_fd() functions. + */ + static inline struct bpf_map *__bpf_map_get(struct fd f) { if (fd_empty(f)) @@ -2310,6 +2318,15 @@ static inline struct bpf_map *__bpf_map_get(struct fd f) return fd_file(f)->private_data; } +static inline struct btf *__btf_get_by_fd(struct fd f) +{ + if (fd_empty(f)) + return ERR_PTR(-EBADF); + if (unlikely(fd_file(f)->f_op != &btf_fops)) + return ERR_PTR(-EINVAL); + return fd_file(f)->private_data; +} + void bpf_map_inc(struct bpf_map *map); void bpf_map_inc_with_uref(struct bpf_map *map); struct bpf_map *__bpf_map_inc_not_zero(struct bpf_map *map, bool uref); diff --git a/include/linux/btf.h b/include/linux/btf.h index 4214e76c9168..69159e649675 100644 --- a/include/linux/btf.h +++ b/include/linux/btf.h @@ -4,6 +4,7 @@ #ifndef _LINUX_BTF_H #define _LINUX_BTF_H 1 +#include #include #include #include @@ -143,6 +144,7 @@ void btf_get(struct btf *btf); void btf_put(struct btf *btf); const struct btf_header *btf_header(const struct btf *btf); int btf_new_fd(const union bpf_attr *attr, bpfptr_t uattr, u32 uattr_sz); + struct btf *btf_get_by_fd(int fd); int btf_get_info_by_fd(const struct btf *btf, const union bpf_attr *attr, diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index e7a59e6462a9..ad5310fa1d3b 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -7743,17 +7743,12 @@ int btf_new_fd(const union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size) struct btf *btf_get_by_fd(int fd) { - struct btf *btf; CLASS(fd, f)(fd); + struct btf *btf; - if (fd_empty(f)) - return ERR_PTR(-EBADF); - - if (fd_file(f)->f_op != &btf_fops) - return ERR_PTR(-EINVAL); - - btf = fd_file(f)->private_data; - refcount_inc(&btf->refcnt); + btf = __btf_get_by_fd(f); + if (!IS_ERR(btf)) + refcount_inc(&btf->refcnt); return btf; } From patchwork Tue Dec 3 13:50:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892506 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 383861E009F for ; Tue, 3 Dec 2024 13:48:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233724; cv=none; b=U0UM5WVThnfEj0ivy/V0OF7Q8f4mkqE2zLVZv6Hm2x00o3cqehxcmAht4s6M7a3u3nF29RgPpu1iW5zMYWyc6sBZMzrGpJ9vQfpbIYUoYub2bvK1yGiVGfXZhjfgIg4L4Eb4qkbte8HyKd0lWoRwOe7PT/XuQ/pv80ux6D41tQk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233724; c=relaxed/simple; bh=RaCURLyhvuUv4IEXFUW5A6FO4E9KSRJiAy8ykc7vNQI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GAPpY9D/9PPb77a1dDnlSTM68rS8104KIgo9m0jdrFpVl4YG12usyZX6XRB4TDs+OMIXt/rdD+J8UCRT6mwr20iplagBNn+i5rJp7uG3bjIR9Bpygl+TbyyJXM8Dq4cLX+PiJHgcFD1KJcbQFbXA9Pmpv+WMFlCjre8Gqmq5sZc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=TMCupvHW; arc=none smtp.client-ip=209.85.208.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="TMCupvHW" Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-5d0d71d7f00so4884108a12.3 for ; Tue, 03 Dec 2024 05:48:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233720; x=1733838520; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=96O2iIJ6kHVU2T0b9pQtLYj8nAEcwSxIqjPYwkm5vuA=; b=TMCupvHWBbvAIqeJZ9ybc897dssslda3SGAI0HMleDtDsjoi1R3upSSdW4VqgIYQ3h 04AXjIsPHNIdIdjsmT7GAEgINMIkJ5jS/S2z5Ej5IlpRTJmNmwWqjJKGnAA/gtMp+8wf 2SCjRhPB5dpuHzaqYehe5Da+eQ1YAeoieayGIQy1IEtHY3t6Q8oLdqyg4CnWk6FloGQ9 X4yH5hFpRhqpYXtZrzHkrxsLwjNT24FdefZ8J6SHPGSfx5dIwOzMJ0SB/e0ke6cJRT8+ icFDuFfdqTv5ut+D6SWQQ7JEq3jhrsQdztVEsa7gsfNMnae92uvS0Dy7qUh4DhJHI7ua aPQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233720; x=1733838520; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=96O2iIJ6kHVU2T0b9pQtLYj8nAEcwSxIqjPYwkm5vuA=; b=QPwDf4pEeHLnKXvSDNy1SrZt1QHh9ZxvuZ6hK5C+xe62NuzhI66iRNw5+/Fa8qo26+ dhmU0F6u+rAXUemc6giRY8qB10ZHVUzpf2g8ZblFKB0ITWWxlqapaA2pn9pWNF6Dhada acyiO5fGCdM82jxB0NyXGFGYc+9aDQTbrjLgWznFpCu0OzgMYK3w5Xe/b3IU7k1zK6eu i7Z1jsCAjnnPwi+Eb6gL6+3fR08IUlka7We/K44Y/Oo+j5b6C0rLiGcLWBTTzpUV9u68 ROIJx0XkKzRJ0aYRLUL/kVA2NZ3Ob3a2iZKxbincK1YhfOmyQnejx0GaofKwS9z1VUY2 T8ZA== X-Gm-Message-State: AOJu0YwkVt0EisAy0fwldXY3j+mSM7CiqbYoFLIrksABxH/oSuMJIEGe GBTHI3CHaIUOXGkYWrG8/HdVBCfZrGBwAm1ky6wIrK/7T39cdvK4ehf0LqX+i9ZiF1kpc8mo4HX i X-Gm-Gg: ASbGncttGinPJyxuZASvqINm63hU+0pmm7wEP8uMcUwxErXJJrgDeM8M2zLmq/m6bD7 paMfSaoVrLj05WXbwUY6sNDLh+8JzUYDVlMek5vtSzFOAOfIhGAnSKwWi7CkIipWPL6wuigziH4 ScvQ5KNHhVung9wm+K+Bhk/EwKkfUYAVqGz4KNvvyB+6tocgbr21zsMP5aF5V43e4qfDBfvxc0H tYv+9Y+2FnpL0Sx8rndj4WiSSr0wRvp9s8qkG70F94iPCvrV+PoH17FcpZpKa8= X-Google-Smtp-Source: AGHT+IEdTzUseREISoiPbLB5ECvyOtSjUvGQkX+iTwxQ0nqQT5C1z0sjOJ/FuJNKDIgEvDl/dI37wQ== X-Received: by 2002:a05:6402:35d4:b0:5d0:bcdd:ff97 with SMTP id 4fb4d7f45d1cf-5d113ca96a4mr193607a12.5.1733233720262; Tue, 03 Dec 2024 05:48:40 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:39 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov , Andrii Nakryiko Subject: [PATCH v4 bpf-next 2/7] bpf: move map/prog compatibility checks Date: Tue, 3 Dec 2024 13:50:47 +0000 Message-Id: <20241203135052.3380721-3-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Move some inlined map/prog compatibility checks from the resolve_pseudo_ldimm64() function to the dedicated check_map_prog_compatibility() function. Call the latter function from the add_used_map_from_fd() function directly. This simplifies code and optimizes logic a bit, as before these changes the check_map_prog_compatibility() function was executed on every map usage, which doesn't make sense, as it doesn't include any per-instruction checks, only map type vs. prog type. (This patch also simplifies a consequent patch which will call the add_used_map_from_fd() function from another code path.) Signed-off-by: Anton Protopopov Acked-by: Andrii Nakryiko --- kernel/bpf/verifier.c | 101 +++++++++++++++++++----------------------- 1 file changed, 46 insertions(+), 55 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 1c4ebb326785..8e034a22aa2a 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -19064,6 +19064,12 @@ static bool is_tracing_prog_type(enum bpf_prog_type type) } } +static bool bpf_map_is_cgroup_storage(struct bpf_map *map) +{ + return (map->map_type == BPF_MAP_TYPE_CGROUP_STORAGE || + map->map_type == BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE); +} + static int check_map_prog_compatibility(struct bpf_verifier_env *env, struct bpf_map *map, struct bpf_prog *prog) @@ -19142,25 +19148,48 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env, return -EINVAL; } - return 0; -} + if (bpf_map_is_cgroup_storage(map) && + bpf_cgroup_storage_assign(env->prog->aux, map)) { + verbose(env, "only one cgroup storage of each type is allowed\n"); + return -EBUSY; + } -static bool bpf_map_is_cgroup_storage(struct bpf_map *map) -{ - return (map->map_type == BPF_MAP_TYPE_CGROUP_STORAGE || - map->map_type == BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE); + if (map->map_type == BPF_MAP_TYPE_ARENA) { + if (env->prog->aux->arena) { + verbose(env, "Only one arena per program\n"); + return -EBUSY; + } + if (!env->allow_ptr_leaks || !env->bpf_capable) { + verbose(env, "CAP_BPF and CAP_PERFMON are required to use arena\n"); + return -EPERM; + } + if (!env->prog->jit_requested) { + verbose(env, "JIT is required to use arena\n"); + return -EOPNOTSUPP; + } + if (!bpf_jit_supports_arena()) { + verbose(env, "JIT doesn't support arena\n"); + return -EOPNOTSUPP; + } + env->prog->aux->arena = (void *)map; + if (!bpf_arena_get_user_vm_start(env->prog->aux->arena)) { + verbose(env, "arena's user address must be set via map_extra or mmap()\n"); + return -EINVAL; + } + } + + return 0; } /* Add map behind fd to used maps list, if it's not already there, and return - * its index. Also set *reused to true if this map was already in the list of - * used maps. + * its index. * Returns <0 on error, or >= 0 index, on success. */ -static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd, bool *reused) +static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd) { CLASS(fd, f)(fd); struct bpf_map *map; - int i; + int i, err; map = __bpf_map_get(f); if (IS_ERR(map)) { @@ -19169,12 +19198,9 @@ static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd, bool *reus } /* check whether we recorded this map already */ - for (i = 0; i < env->used_map_cnt; i++) { - if (env->used_maps[i] == map) { - *reused = true; + for (i = 0; i < env->used_map_cnt; i++) + if (env->used_maps[i] == map) return i; - } - } if (env->used_map_cnt >= MAX_USED_MAPS) { verbose(env, "The total number of maps per program has reached the limit of %u\n", @@ -19182,6 +19208,10 @@ static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd, bool *reus return -E2BIG; } + err = check_map_prog_compatibility(env, map, env->prog); + if (err) + return err; + if (env->prog->sleepable) atomic64_inc(&map->sleepable_refcnt); @@ -19192,7 +19222,6 @@ static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd, bool *reus */ bpf_map_inc(map); - *reused = false; env->used_maps[env->used_map_cnt++] = map; return env->used_map_cnt - 1; @@ -19229,7 +19258,6 @@ static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) int map_idx; u64 addr; u32 fd; - bool reused; if (i == insn_cnt - 1 || insn[1].code != 0 || insn[1].dst_reg != 0 || insn[1].src_reg != 0 || @@ -19290,7 +19318,7 @@ static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) break; } - map_idx = add_used_map_from_fd(env, fd, &reused); + map_idx = add_used_map_from_fd(env, fd); if (map_idx < 0) return map_idx; map = env->used_maps[map_idx]; @@ -19298,10 +19326,6 @@ static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) aux = &env->insn_aux_data[i]; aux->map_index = map_idx; - err = check_map_prog_compatibility(env, map, env->prog); - if (err) - return err; - if (insn[0].src_reg == BPF_PSEUDO_MAP_FD || insn[0].src_reg == BPF_PSEUDO_MAP_IDX) { addr = (unsigned long)map; @@ -19332,39 +19356,6 @@ static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) insn[0].imm = (u32)addr; insn[1].imm = addr >> 32; - /* proceed with extra checks only if its newly added used map */ - if (reused) - goto next_insn; - - if (bpf_map_is_cgroup_storage(map) && - bpf_cgroup_storage_assign(env->prog->aux, map)) { - verbose(env, "only one cgroup storage of each type is allowed\n"); - return -EBUSY; - } - if (map->map_type == BPF_MAP_TYPE_ARENA) { - if (env->prog->aux->arena) { - verbose(env, "Only one arena per program\n"); - return -EBUSY; - } - if (!env->allow_ptr_leaks || !env->bpf_capable) { - verbose(env, "CAP_BPF and CAP_PERFMON are required to use arena\n"); - return -EPERM; - } - if (!env->prog->jit_requested) { - verbose(env, "JIT is required to use arena\n"); - return -EOPNOTSUPP; - } - if (!bpf_jit_supports_arena()) { - verbose(env, "JIT doesn't support arena\n"); - return -EOPNOTSUPP; - } - env->prog->aux->arena = (void *)map; - if (!bpf_arena_get_user_vm_start(env->prog->aux->arena)) { - verbose(env, "arena's user address must be set via map_extra or mmap()\n"); - return -EINVAL; - } - } - next_insn: insn++; i++; From patchwork Tue Dec 3 13:50:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892507 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7148D1B395E for ; Tue, 3 Dec 2024 13:48:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233725; cv=none; b=jiuLNntGlFvs00eCxjw+WfqDcd8HuRWPZW4NA4d3AOahcTXgk98TBfFwtKyyUNkqSsnsD6f4RDDsCr7lGK2OT6K8bp7LlxxJAEBfEoQLi3FjvwqAPW1GWYrXozOPV7VMhs1nNJOxLqftOBYS7TQYEpAyYEY6MHwTk4Pkq7D1Fn0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233725; c=relaxed/simple; bh=VWu4dic2nk3/gIEivDHu5je8fzg/wD+ersXzZW3zf+Y=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AeQtoyojMpjMQSlFVub9HA3F2zJDaSeBQbU27kraI/urafJA6yNo6poCWnB2P5sZuz7ZWKcEfyFuZ7pvYQ5C7ruNIEQV1Fh9PYeU0ljnvgGjm7sVMUN53ordcIPVG/NjH8ajXwtuY0Zj2FhWWJbkJsiUEA720b5IIK1zjKPXsFE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=Jcc3ck2N; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="Jcc3ck2N" Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5d0ac27b412so5077638a12.1 for ; Tue, 03 Dec 2024 05:48:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233721; x=1733838521; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n3grXjTIulhHPoBe2I2jvwMWEQQrUnaOVbLjd5dIArQ=; b=Jcc3ck2N5qQjQQq5rF+QLAUv0lTljgV11lhGtuoCCbmArMyHBM28p0Hxl/+R+MDg+O U5zZe6tLwt8YYF94YUEluX3naX3lGk6nhZPFAnvmtxT2MDsZ9GeL8ujpwP5m6ViUdzU5 J4BU7a9Qc1+MrPZ3iC85jIx2L6X1UWaNiZw1LIQVK6KjTq+QtwQISJgjh5m6rWPK2++t zDHEGrD9TyDSz46WsnrPmGZK5HIJUG5KkWUU6BAscuIJmAYPBjfa3X7Le+vCK1No3Vd2 B3/JZzxVlgWkbnVMVVZJDVXC8U5Zl07Tf9g5HgJOdClCloP/p90OLDt8/QBoBzq4MhPc 5roQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233721; x=1733838521; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n3grXjTIulhHPoBe2I2jvwMWEQQrUnaOVbLjd5dIArQ=; b=ZCKpgUhZqSiQ7yQe9rToguopBtm0oK/cV/3X9x+ErsFlqG3UezcYmUgW+IW6tAWePx ry8L+cf3lbADmFTXXmszNOJTlL+uD+c4b68rJCWS15gko5yNMAB+3XEf3o8Ogv6vs6jz lsVJoo1Sce9peC9kY4uxSOkZQnhiwNCL3STFgBJ5vrzxWkOnLVFX9F0gUdDDNlW4YQ4r 2cc9gZxT0yXrg/9V89CyhhaGjzVqitBUEIucptBSaczztHdbQ8thCUfOg9U3ktQYyX4J JApZVBn7tGQD5LYoJjSH/MhvORQuzgogRRFsuyqpoqdzFRnq2+/WW4IzHpEa6PmzyXlr IiTw== X-Gm-Message-State: AOJu0YwciMf4w8iB0ATMZ0Vu25V7pgM2yi+ENBX+EmLuG8igBLuYvblO vA5FuexH2ELTS6mWtYpKI1/Gitib2T+HyvcgACMmEpOMsjW3jgz4RUIAbOkCc6VJj/DkInSilFo 0 X-Gm-Gg: ASbGncszUKLj8ddNINA9UbKykUgH4/pk5eWii9FZByvNtnuGf15meGO8S7PXTAO+L74 R8n+QXbhkzDjgji3NB3qhBxysnG9/JMUJyQ6KSuZ2IG9a03wx5DBIIuDZLIPxDczNjF2lxgNBtr 2Fd0XvOqxi8ayk6JpBK29vuMjLOVQfwMtkZd7QUol4wtO+a/0IOLuu25Ba3aubtDYpAYRNjuKca 29EauzZFGnf+w9tsJj1yCOu/E/gdask+ZYXUbHnGXJ/eziZfa5hKDevHwpH2K4= X-Google-Smtp-Source: AGHT+IEOFS2gz0CnllvecPHS7E605ruesT+8fD8TVnOdRNJcsLVfWyi50ETC9KRKFDom3yFF99bSuw== X-Received: by 2002:a05:6402:5106:b0:5d0:ccec:8500 with SMTP id 4fb4d7f45d1cf-5d10cb99da0mr2541351a12.33.1733233721171; Tue, 03 Dec 2024 05:48:41 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:40 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov Subject: [PATCH v4 bpf-next 3/7] bpf: add fd_array_cnt attribute for prog_load Date: Tue, 3 Dec 2024 13:50:48 +0000 Message-Id: <20241203135052.3380721-4-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net The fd_array attribute of the BPF_PROG_LOAD syscall may contain a set of file descriptors: maps or btfs. This field was introduced as a sparse array. Introduce a new attribute, fd_array_cnt, which, if present, indicates that the fd_array is a continuous array of the corresponding length. If fd_array_cnt is non-zero, then every map in the fd_array will be bound to the program, as if it was used by the program. This functionality is similar to the BPF_PROG_BIND_MAP syscall, but such maps can be used by the verifier during the program load. Signed-off-by: Anton Protopopov --- include/uapi/linux/bpf.h | 10 ++++ kernel/bpf/syscall.c | 2 +- kernel/bpf/verifier.c | 98 ++++++++++++++++++++++++++++------ tools/include/uapi/linux/bpf.h | 10 ++++ 4 files changed, 104 insertions(+), 16 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 4162afc6b5d0..2acf9b336371 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -1573,6 +1573,16 @@ union bpf_attr { * If provided, prog_flags should have BPF_F_TOKEN_FD flag set. */ __s32 prog_token_fd; + /* The fd_array_cnt can be used to pass the length of the + * fd_array array. In this case all the [map] file descriptors + * passed in this array will be bound to the program, even if + * the maps are not referenced directly. The functionality is + * similar to the BPF_PROG_BIND_MAP syscall, but maps can be + * used by the verifier during the program load. If provided, + * then the fd_array[0,...,fd_array_cnt-1] is expected to be + * continuous. + */ + __u32 fd_array_cnt; }; struct { /* anonymous struct used by BPF_OBJ_* commands */ diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 5684e8ce132d..4e88797fdbeb 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2730,7 +2730,7 @@ static bool is_perfmon_prog_type(enum bpf_prog_type prog_type) } /* last field in 'union bpf_attr' used by this command */ -#define BPF_PROG_LOAD_LAST_FIELD prog_token_fd +#define BPF_PROG_LOAD_LAST_FIELD fd_array_cnt static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size) { diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 8e034a22aa2a..cda02153d90e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -19181,22 +19181,10 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env, return 0; } -/* Add map behind fd to used maps list, if it's not already there, and return - * its index. - * Returns <0 on error, or >= 0 index, on success. - */ -static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd) +static int __add_used_map(struct bpf_verifier_env *env, struct bpf_map *map) { - CLASS(fd, f)(fd); - struct bpf_map *map; int i, err; - map = __bpf_map_get(f); - if (IS_ERR(map)) { - verbose(env, "fd %d is not pointing to valid bpf_map\n", fd); - return PTR_ERR(map); - } - /* check whether we recorded this map already */ for (i = 0; i < env->used_map_cnt; i++) if (env->used_maps[i] == map) @@ -19227,6 +19215,24 @@ static int add_used_map_from_fd(struct bpf_verifier_env *env, int fd) return env->used_map_cnt - 1; } +/* Add map behind fd to used maps list, if it's not already there, and return + * its index. + * Returns <0 on error, or >= 0 index, on success. + */ +static int add_used_map(struct bpf_verifier_env *env, int fd) +{ + struct bpf_map *map; + CLASS(fd, f)(fd); + + map = __bpf_map_get(f); + if (IS_ERR(map)) { + verbose(env, "fd %d is not pointing to valid bpf_map\n", fd); + return PTR_ERR(map); + } + + return __add_used_map(env, map); +} + /* find and rewrite pseudo imm in ld_imm64 instructions: * * 1. if it accesses map FD, replace it with actual map pointer. @@ -19318,7 +19324,7 @@ static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) break; } - map_idx = add_used_map_from_fd(env, fd); + map_idx = add_used_map(env, fd); if (map_idx < 0) return map_idx; map = env->used_maps[map_idx]; @@ -22526,6 +22532,65 @@ struct btf *bpf_get_btf_vmlinux(void) return btf_vmlinux; } +/* + * The add_fd_from_fd_array() is executed only if fd_array_cnt is non-zero. In + * this case expect that every file descriptor in the array is either a map or + * a BTF. Everything else is considered to be trash. + */ +static int add_fd_from_fd_array(struct bpf_verifier_env *env, int fd) +{ + struct bpf_map *map; + CLASS(fd, f)(fd); + int ret; + + map = __bpf_map_get(f); + if (!IS_ERR(map)) { + ret = __add_used_map(env, map); + if (ret < 0) + return ret; + return 0; + } + + /* + * Unlike "unused" maps which do not appear in the BPF program, + * BTFs are visible, so no reason to refcnt them now + */ + if (!IS_ERR(__btf_get_by_fd(f))) + return 0; + + verbose(env, "fd %d is not pointing to valid bpf_map or btf\n", fd); + return PTR_ERR(map); +} + +static int process_fd_array(struct bpf_verifier_env *env, union bpf_attr *attr, bpfptr_t uattr) +{ + size_t size = sizeof(int); + int ret; + int fd; + u32 i; + + env->fd_array = make_bpfptr(attr->fd_array, uattr.is_kernel); + + /* + * The only difference between old (no fd_array_cnt is given) and new + * APIs is that in the latter case the fd_array is expected to be + * continuous and is scanned for map fds right away + */ + if (!attr->fd_array_cnt) + return 0; + + for (i = 0; i < attr->fd_array_cnt; i++) { + if (copy_from_bpfptr_offset(&fd, env->fd_array, i * size, size)) + return -EFAULT; + + ret = add_fd_from_fd_array(env, fd); + if (ret) + return ret; + } + + return 0; +} + int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u32 uattr_size) { u64 start_time = ktime_get_ns(); @@ -22557,7 +22622,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3 env->insn_aux_data[i].orig_idx = i; env->prog = *prog; env->ops = bpf_verifier_ops[env->prog->type]; - env->fd_array = make_bpfptr(attr->fd_array, uattr.is_kernel); env->allow_ptr_leaks = bpf_allow_ptr_leaks(env->prog->aux->token); env->allow_uninit_stack = bpf_allow_uninit_stack(env->prog->aux->token); @@ -22580,6 +22644,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3 if (ret) goto err_unlock; + ret = process_fd_array(env, attr, uattr); + if (ret) + goto err_release_maps; + mark_verifier_state_clean(env); if (IS_ERR(btf_vmlinux)) { diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 4162afc6b5d0..2acf9b336371 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -1573,6 +1573,16 @@ union bpf_attr { * If provided, prog_flags should have BPF_F_TOKEN_FD flag set. */ __s32 prog_token_fd; + /* The fd_array_cnt can be used to pass the length of the + * fd_array array. In this case all the [map] file descriptors + * passed in this array will be bound to the program, even if + * the maps are not referenced directly. The functionality is + * similar to the BPF_PROG_BIND_MAP syscall, but maps can be + * used by the verifier during the program load. If provided, + * then the fd_array[0,...,fd_array_cnt-1] is expected to be + * continuous. + */ + __u32 fd_array_cnt; }; struct { /* anonymous struct used by BPF_OBJ_* commands */ From patchwork Tue Dec 3 13:50:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892508 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ej1-f42.google.com (mail-ej1-f42.google.com [209.85.218.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC1241F12E3 for ; Tue, 3 Dec 2024 13:48:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233725; cv=none; b=D/bz0OvzywhJiy9M1pdIpr9e8cCKYNTOLijzqr0BGP4m4Zte9WRnzBk8SHR2QjGu1yHfL8xf/Jp/z7HqXD5JNlSXBeE+TUBcE9SgrW/DkpkSHq7a2L4WptTXsjAb2eVmps1Ciy7AMQ2sDpUYW4sRO/Aa/1Gaf0gCoEvbFYQL2lU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233725; c=relaxed/simple; bh=Pm/rYukddwWR8om5fe1EIxnOcGvurQb5gP9wi6yjR+M=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JF6uukSK1EnOiF+lQccthmL2uejgRQV+EgFjL/NCY5oMSv/JOn+1J4T8blYiSKnZcfl+QxZxX56KfSXLRJIwz2jsaZ/ZFVIQVSAG9rZt8Vo6lKvekamAJB4E28GM8VUZxNWUHtx3+5WyLfdohzv2ZJFvd9UnZp5h+BZ16Ce17xk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=gB7U+iVF; arc=none smtp.client-ip=209.85.218.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="gB7U+iVF" Received: by mail-ej1-f42.google.com with SMTP id a640c23a62f3a-aa578d10d50so888416866b.1 for ; Tue, 03 Dec 2024 05:48:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233722; x=1733838522; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HUoRIDX3jNFNRZLU9ZvNZnJsXY5FDodfucjj4WxwEUU=; b=gB7U+iVF0tYSREw4ONyBzTnf3tmQcBsxYDeEnlVXMZNLel84v6O8ciVyi9gKALTlXN psKj/uMJ8Jmch2Drv2EIygNYfiVutCajOHGaLmuilULDIS8Wjs9N4KTWX6+rkgk7Mf6I A4w2DhUMhmlQeNzur3CDkAPkhXKcvatgW9GSIb+cRcKLuZCeN5cKE/0A2DWKgg8X5uVJ X1//qxTwBlggwoCWZHwkh0H9/5NaVz4ko/o8bCGylwRrk6oEQ9ALT3IdPiTfSxo+MM1K 5jc4dhr+ECPtyEcK7ghKJysLTm5mTtUo8Ec/GmxRti7SNe6QbypDhkFHHkitoly7kStM bxQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233722; x=1733838522; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HUoRIDX3jNFNRZLU9ZvNZnJsXY5FDodfucjj4WxwEUU=; b=jYej4jR1ugAYhoB1zoJ31arsW37Ou1u1ve5UYz8TALfukj53pZ6zMZO9lRTe8olAGR pyLJLxqE2jA1cKVWT63HE7AV8xVXb4YCtO7XcuMF6oqtrUNj0JbmUyTGZfOI9W2kKQHf KNa0/VBR9XuCIZrdHicCVgonu5oWTOEjVGcnXFsO5yXpR6Q54zPxl3H55MXKSFEWXdZ5 N2Jd8B8H9sbklO+FXmeXrrf98VU0IDsXNcPK7f1ymKDJ8po2WuN7ztDNQYxS8f4dfUvy 4JUuASD+215ioIZv8QYz/DA0hXG09ZGKZJn3XvwMkmjQsYgSDKnHIs/LISQnC6SLPM+b TevA== X-Gm-Message-State: AOJu0Yzgq7+k93yoK04/iCj86pTX42ITUziOw1/BcElX9jG/6UrV15YK EUruHC1diu/dhjfEFCNLS/ZXCtETOjFzakDedPw6hS9jIpzSeumXfFv03LqATKSn1yI006XNtVh t X-Gm-Gg: ASbGncvG9D6ayTNk3vggvNoyNUM1NhEoatCp33h3GmQuLsI0bwFZyny1UtOcEMSS2wl Jx370rlWn7UAynJ54Q2s0EN7ZohRetw3r4Gu5KkDxvIap+4UbL6ZO9zCDY0aJJTEiWz1ASyp5MU 0zMwHa2tjhU4q2BbLOI8xlfTD1rZUvMh5A0XsLeNdp/W+1dIBzYenpVhRBvzcv3rl/4eo1JNmDE 6gAfl6fpsf28VtWHLKBM1Ucg7/0GheFtbbn0ekDvvONF5UBlKjoJgApJp/0eJw= X-Google-Smtp-Source: AGHT+IGyytfiGngG7CrYeW8v8+MD6FHZgUUVpTa9XlvhWOKxrhmUG3VaalMIRbB6Exwonl3nklnkvg== X-Received: by 2002:a17:906:311b:b0:a9a:dac:2ab9 with SMTP id a640c23a62f3a-aa6018d89c6mr28745266b.42.1733233721827; Tue, 03 Dec 2024 05:48:41 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:41 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov Subject: [PATCH v4 bpf-next 4/7] libbpf: prog load: allow to use fd_array_cnt Date: Tue, 3 Dec 2024 13:50:49 +0000 Message-Id: <20241203135052.3380721-5-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add new fd_array_cnt field to bpf_prog_load_opts and pass it in bpf_attr, if set. Signed-off-by: Anton Protopopov Acked-by: Andrii Nakryiko --- tools/lib/bpf/bpf.c | 3 ++- tools/lib/bpf/bpf.h | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index becdfa701c75..359f73ead613 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -238,7 +238,7 @@ int bpf_prog_load(enum bpf_prog_type prog_type, const struct bpf_insn *insns, size_t insn_cnt, struct bpf_prog_load_opts *opts) { - const size_t attr_sz = offsetofend(union bpf_attr, prog_token_fd); + const size_t attr_sz = offsetofend(union bpf_attr, fd_array_cnt); void *finfo = NULL, *linfo = NULL; const char *func_info, *line_info; __u32 log_size, log_level, attach_prog_fd, attach_btf_obj_fd; @@ -311,6 +311,7 @@ int bpf_prog_load(enum bpf_prog_type prog_type, attr.line_info_cnt = OPTS_GET(opts, line_info_cnt, 0); attr.fd_array = ptr_to_u64(OPTS_GET(opts, fd_array, NULL)); + attr.fd_array_cnt = OPTS_GET(opts, fd_array_cnt, 0); if (log_level) { attr.log_buf = ptr_to_u64(log_buf); diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index a4a7b1ad1b63..435da95d2058 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -107,9 +107,12 @@ struct bpf_prog_load_opts { */ __u32 log_true_size; __u32 token_fd; + + /* if set, provides the length of fd_array */ + __u32 fd_array_cnt; size_t :0; }; -#define bpf_prog_load_opts__last_field token_fd +#define bpf_prog_load_opts__last_field fd_array_cnt LIBBPF_API int bpf_prog_load(enum bpf_prog_type prog_type, const char *prog_name, const char *license, From patchwork Tue Dec 3 13:50:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892509 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com [209.85.208.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B0E61E009F for ; Tue, 3 Dec 2024 13:48:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233727; cv=none; b=Q5FzPkUag0dcv0BaTV0bq2RfCRYBDp2WVIzy5pUrEAWI2qpMDdaqOPyruWlZuwKPoL9XLDh6bHvDbVWOCIXQz2G/IBKhqekNXcd3YtkufUaAcjE+puY/BG0ggkzd9kgF/rrNela2TTehEc1WyZb2wVX217NDngSALlzKCZlOKeA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233727; c=relaxed/simple; bh=Z+QUCdSTrd5VOI9bV/ZQ8fC88OkhdNeOag6YTpZXwdg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lfOspj47QFZLMsgW0Y048b1zuakrqw6bIBWQ+GxmE0w7G1Iw0tbl5sdX0pxCJlQY8MmRL7UNXWBkNMWi1PhQA7+Xijfr4d4mRwMKpnDZyeGzjkgKmii5wAvzgVUpT17zSMrXfk8sWqflTP7DR7qdhlvxOshqQTIpUAjKMTEK+i4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=XOD5I5rF; arc=none smtp.client-ip=209.85.208.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="XOD5I5rF" Received: by mail-lj1-f181.google.com with SMTP id 38308e7fff4ca-2ffbf4580cbso57910581fa.2 for ; Tue, 03 Dec 2024 05:48:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233723; x=1733838523; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4uNq3UCmJLmTcvC/Yf3jhS1IU/A57iUFvR49X2lBeoU=; b=XOD5I5rFwt7IzE+a0hPgyR2NDf+iNdT3qDQibVxJVO5oR9MbrV4beNnZI9D371Y/Hr QEifcrlfm+eeNvxH3fjMjwmbJOMTXtwqlRiQZMatkHWRy/QfJsNW3u+zcfANE9pUvZAR x0ZKQ9z/EZlk+4+WHgP+3jgfkwCtn58kxvSvY86So/32tvnMCpi7/tf6LG2QsG2z7Urv s1ggnhQpx8tRxCvyRcquunm8Rz+CMcM91BSwYis4aX/QiLk0g+iSuJBn6YOvWACDsKUz RcqvQuPC0WddCXaW5v+yUeqG9mFhP8RZOGziOe+M4KiBEvrqKpKqOcmpU03psJaGgDDi R6vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233723; x=1733838523; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4uNq3UCmJLmTcvC/Yf3jhS1IU/A57iUFvR49X2lBeoU=; b=tEut5pYyKkmKtoLdlkLZvmqaD6UjoQjbNf8Pxp7Nybif5UNAnRgouUJUYw3OU+X1f6 F6kleMsHB7IZmZ6x5xTKQxoIUlgiM2vmfVow5xpAcnASDjnerfmI2GcLt4cXGnDd+pq/ +51CQ/w26YczCU0LC0O25VUA5bxp8IamWG5WRnkkRPnpyhcon0u0dLsnLI8wt0O/ejPd mrUMUChhgvclyMdCKeXmLmIbezgoeQxQyibegBZyWDDISYvGk9W+17EkGyQKzxLGRWKj TQcOnfKoHcCeK9wW615FZJ2bexD2rAq2i61FeHV3ukW7OGXAGIr/oKqOT4l7DriIJFbi NTDA== X-Gm-Message-State: AOJu0Yy5rywJgXAuCpf3Iw1TafUT0ve+ugr2GVBBK1CshLGlivUSQISL YmIlcUnZrSdZWFkd3tcS9wjLtkBfM5nts7zBz2V39rNkEzwQvtr4bB34E3ssz0tjBSMGKZ/16BE F X-Gm-Gg: ASbGnctYvvniAqSjOd0seSGR/QrdkM1qLJKbtvce5NFYQLbGLLKNPNiJXtb567RrD7l /HUJw7Fqwe5Xg8/pmSug/qeIv9HCmi9tc1jeypR/K4noD4trLgPspThoabSC1m8/VX++r7D/2x4 qmpViabZEZfWZZa1bYbqED/9Fr30F0oUsZ5ltHduF8XMwBJPzmLCTBq9SHixaMIjlQSCAz52USA cXzDJuHTZj5WtWqnJ/3dBIkeUuElFQSqTAg5KTtMrAlTcN+NYZm+8XhnSnIMGc= X-Google-Smtp-Source: AGHT+IGLXf8dA5IqmjeQYUIzocYCWLaT7Iy0fxpoUMJprYvArVTFEKPPCHP+UCcSu7drWWhxcpZm0Q== X-Received: by 2002:a05:651c:1549:b0:2fb:4b1f:973f with SMTP id 38308e7fff4ca-30009c73846mr13089341fa.7.1733233722764; Tue, 03 Dec 2024 05:48:42 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:42 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov Subject: [PATCH v4 bpf-next 5/7] selftests/bpf: Add tests for fd_array_cnt Date: Tue, 3 Dec 2024 13:50:50 +0000 Message-Id: <20241203135052.3380721-6-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add a new set of tests to test the new field in PROG_LOAD-related part of bpf_attr: fd_array_cnt. Add the following test cases: * fd_array_cnt/no-fd-array: program is loaded in a normal way, without any fd_array present * fd_array_cnt/fd-array-ok: pass two extra non-used maps, check that they're bound to the program * fd_array_cnt/fd-array-dup-input: pass a few extra maps, only two of which are unique * fd_array_cnt/fd-array-ref-maps-in-array: pass a map in fd_array which is also referenced from within the program * fd_array_cnt/fd-array-trash-input: pass array with some trash * fd_array_cnt/fd-array-with-holes: pass an array with holes (fd=0) * fd_array_cnt/fd-array-2big: pass too large array All the tests above are using the bpf(2) syscall directly, no libbpf involved. Signed-off-by: Anton Protopopov --- .../selftests/bpf/prog_tests/fd_array.c | 340 ++++++++++++++++++ 1 file changed, 340 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/fd_array.c diff --git a/tools/testing/selftests/bpf/prog_tests/fd_array.c b/tools/testing/selftests/bpf/prog_tests/fd_array.c new file mode 100644 index 000000000000..1d4bff4a1269 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/fd_array.c @@ -0,0 +1,340 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +#include +#include + +#include "../test_btf.h" + +static inline int new_map(void) +{ + LIBBPF_OPTS(bpf_map_create_opts, opts); + const char *name = NULL; + __u32 max_entries = 1; + __u32 value_size = 8; + __u32 key_size = 4; + + return bpf_map_create(BPF_MAP_TYPE_ARRAY, name, + key_size, value_size, + max_entries, &opts); +} + +static int new_btf(void) +{ + LIBBPF_OPTS(bpf_btf_load_opts, opts); + struct btf_blob { + struct btf_header btf_hdr; + __u32 types[8]; + __u32 str; + } raw_btf = { + .btf_hdr = { + .magic = BTF_MAGIC, + .version = BTF_VERSION, + .hdr_len = sizeof(struct btf_header), + .type_len = sizeof(raw_btf.types), + .str_off = offsetof(struct btf_blob, str) - offsetof(struct btf_blob, types), + .str_len = sizeof(raw_btf.str), + }, + .types = { + /* long */ + BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 64, 8), /* [1] */ + /* unsigned long */ + BTF_TYPE_INT_ENC(0, 0, 0, 64, 8), /* [2] */ + }, + }; + + return bpf_btf_load(&raw_btf, sizeof(raw_btf), &opts); +} + +static bool map_exists(__u32 id) +{ + int fd; + + fd = bpf_map_get_fd_by_id(id); + if (fd >= 0) { + close(fd); + return true; + } + return false; +} + +static inline int bpf_prog_get_map_ids(int prog_fd, __u32 *nr_map_ids, __u32 *map_ids) +{ + __u32 len = sizeof(struct bpf_prog_info); + struct bpf_prog_info info = { + .nr_map_ids = *nr_map_ids, + .map_ids = ptr_to_u64(map_ids), + }; + int err; + + err = bpf_prog_get_info_by_fd(prog_fd, &info, &len); + if (!ASSERT_OK(err, "bpf_prog_get_info_by_fd")) + return -1; + + *nr_map_ids = info.nr_map_ids; + + return 0; +} + +static int __load_test_prog(int map_fd, const int *fd_array, int fd_array_cnt) +{ + /* A trivial program which uses one map */ + struct bpf_insn insns[] = { + BPF_LD_MAP_FD(BPF_REG_1, map_fd), + BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }; + LIBBPF_OPTS(bpf_prog_load_opts, opts); + + opts.fd_array = fd_array; + opts.fd_array_cnt = fd_array_cnt; + + return bpf_prog_load(BPF_PROG_TYPE_XDP, NULL, "GPL", insns, ARRAY_SIZE(insns), &opts); +} + +static int load_test_prog(const int *fd_array, int fd_array_cnt) +{ + int map_fd; + int ret; + + map_fd = new_map(); + if (!ASSERT_GE(map_fd, 0, "new_map")) + return map_fd; + + ret = __load_test_prog(map_fd, fd_array, fd_array_cnt); + close(map_fd); + + /* switch back to returning the actual value */ + if (ret < 0) + return -errno; + return ret; +} + +static bool check_expected_map_ids(int prog_fd, int expected, __u32 *map_ids, __u32 *nr_map_ids) +{ + int err; + + err = bpf_prog_get_map_ids(prog_fd, nr_map_ids, map_ids); + if (!ASSERT_OK(err, "bpf_prog_get_map_ids")) + return false; + if (!ASSERT_EQ(*nr_map_ids, expected, "unexpected nr_map_ids")) + return false; + + return true; +} + +/* + * Load a program, which uses one map. No fd_array maps are present. + * On return only one map is expected to be bound to prog. + */ +static void check_fd_array_cnt__no_fd_array(void) +{ + __u32 map_ids[16]; + __u32 nr_map_ids; + int prog_fd = -1; + + prog_fd = load_test_prog(NULL, 0); + if (!ASSERT_GE(prog_fd, 0, "BPF_PROG_LOAD")) + return; + nr_map_ids = ARRAY_SIZE(map_ids); + check_expected_map_ids(prog_fd, 1, map_ids, &nr_map_ids); + close(prog_fd); +} + +/* + * Load a program, which uses one map, and pass two extra, non-equal, maps in + * fd_array with fd_array_cnt=2. On return three maps are expected to be bound + * to the program. + */ +static void check_fd_array_cnt__fd_array_ok(void) +{ + int extra_fds[2] = { -1, -1 }; + __u32 map_ids[16]; + __u32 nr_map_ids; + int prog_fd = -1; + + extra_fds[0] = new_map(); + if (!ASSERT_GE(extra_fds[0], 0, "new_map")) + goto cleanup; + extra_fds[1] = new_map(); + if (!ASSERT_GE(extra_fds[1], 0, "new_map")) + goto cleanup; + prog_fd = load_test_prog(extra_fds, 2); + if (!ASSERT_GE(prog_fd, 0, "BPF_PROG_LOAD")) + goto cleanup; + nr_map_ids = ARRAY_SIZE(map_ids); + if (!check_expected_map_ids(prog_fd, 3, map_ids, &nr_map_ids)) + goto cleanup; + + /* maps should still exist when original file descriptors are closed */ + close(extra_fds[0]); + close(extra_fds[1]); + if (!ASSERT_EQ(map_exists(map_ids[0]), true, "map_ids[0] should exist")) + goto cleanup; + if (!ASSERT_EQ(map_exists(map_ids[1]), true, "map_ids[1] should exist")) + goto cleanup; + + /* some fds might be invalid, so ignore return codes */ +cleanup: + close(extra_fds[1]); + close(extra_fds[0]); + close(prog_fd); +} + +/* + * Load a program with a few extra maps duplicated in the fd_array. + * After the load maps should only be referenced once. + */ +static void check_fd_array_cnt__duplicated_maps(void) +{ + int extra_fds[4] = { -1, -1, -1, -1 }; + __u32 map_ids[16]; + __u32 nr_map_ids; + int prog_fd = -1; + + extra_fds[0] = extra_fds[2] = new_map(); + if (!ASSERT_GE(extra_fds[0], 0, "new_map")) + goto cleanup; + extra_fds[1] = extra_fds[3] = new_map(); + if (!ASSERT_GE(extra_fds[1], 0, "new_map")) + goto cleanup; + prog_fd = load_test_prog(extra_fds, 4); + if (!ASSERT_GE(prog_fd, 0, "BPF_PROG_LOAD")) + goto cleanup; + nr_map_ids = ARRAY_SIZE(map_ids); + if (!check_expected_map_ids(prog_fd, 3, map_ids, &nr_map_ids)) + goto cleanup; + + /* maps should still exist when original file descriptors are closed */ + close(extra_fds[0]); + close(extra_fds[1]); + if (!ASSERT_EQ(map_exists(map_ids[0]), true, "map should exist")) + goto cleanup; + if (!ASSERT_EQ(map_exists(map_ids[1]), true, "map should exist")) + goto cleanup; + + /* some fds might be invalid, so ignore return codes */ +cleanup: + close(extra_fds[1]); + close(extra_fds[0]); + close(prog_fd); +} + +/* + * Check that if maps which are referenced by a program are + * passed in fd_array, then they will be referenced only once + */ +static void check_fd_array_cnt__referenced_maps_in_fd_array(void) +{ + int extra_fds[1] = { -1 }; + __u32 map_ids[16]; + __u32 nr_map_ids; + int prog_fd = -1; + + extra_fds[0] = new_map(); + if (!ASSERT_GE(extra_fds[0], 0, "new_map")) + goto cleanup; + prog_fd = __load_test_prog(extra_fds[0], extra_fds, 1); + if (!ASSERT_GE(prog_fd, 0, "BPF_PROG_LOAD")) + goto cleanup; + nr_map_ids = ARRAY_SIZE(map_ids); + if (!check_expected_map_ids(prog_fd, 1, map_ids, &nr_map_ids)) + goto cleanup; + + /* map should still exist when original file descriptor is closed */ + close(extra_fds[0]); + if (!ASSERT_EQ(map_exists(map_ids[0]), true, "map should exist")) + goto cleanup; + + /* some fds might be invalid, so ignore return codes */ +cleanup: + close(extra_fds[0]); + close(prog_fd); +} + +/* + * Test that a program with trash in fd_array can't be loaded: + * only map and BTF file descriptors should be accepted. + */ +static void check_fd_array_cnt__fd_array_with_trash(void) +{ + int extra_fds[3] = { -1, -1, -1 }; + int prog_fd = -1; + + extra_fds[0] = new_map(); + if (!ASSERT_GE(extra_fds[0], 0, "new_map")) + goto cleanup; + extra_fds[1] = new_btf(); + if (!ASSERT_GE(extra_fds[1], 0, "new_btf")) + goto cleanup; + + /* trash 1: not a file descriptor */ + extra_fds[2] = 0xbeef; + prog_fd = load_test_prog(extra_fds, 3); + if (!ASSERT_EQ(prog_fd, -EBADF, "prog should have been rejected with -EBADF")) + goto cleanup; + + /* trash 2: not a map or btf */ + extra_fds[2] = socket(AF_INET, SOCK_STREAM, 0); + if (!ASSERT_GE(extra_fds[2], 0, "socket")) + goto cleanup; + + prog_fd = load_test_prog(extra_fds, 3); + if (!ASSERT_EQ(prog_fd, -EINVAL, "prog should have been rejected with -EINVAL")) + goto cleanup; + + /* some fds might be invalid, so ignore return codes */ +cleanup: + close(extra_fds[2]); + close(extra_fds[1]); + close(extra_fds[0]); +} + +/* + * Test that a program with too big fd_array can't be loaded. + */ +static void check_fd_array_cnt__fd_array_too_big(void) +{ + int extra_fds[65]; + int prog_fd = -1; + int i; + + for (i = 0; i < 65; i++) { + extra_fds[i] = new_map(); + if (!ASSERT_GE(extra_fds[i], 0, "new_map")) + goto cleanup_fds; + } + + prog_fd = load_test_prog(extra_fds, 65); + ASSERT_EQ(prog_fd, -E2BIG, "prog should have been rejected with -E2BIG"); + +cleanup_fds: + while (i > 0) + close(extra_fds[--i]); +} + +void test_fd_array_cnt(void) +{ + if (test__start_subtest("no-fd-array")) + check_fd_array_cnt__no_fd_array(); + + if (test__start_subtest("fd-array-ok")) + check_fd_array_cnt__fd_array_ok(); + + if (test__start_subtest("fd-array-dup-input")) + check_fd_array_cnt__duplicated_maps(); + + if (test__start_subtest("fd-array-ref-maps-in-array")) + check_fd_array_cnt__referenced_maps_in_fd_array(); + + if (test__start_subtest("fd-array-trash-input")) + check_fd_array_cnt__fd_array_with_trash(); + + if (test__start_subtest("fd-array-2big")) + check_fd_array_cnt__fd_array_too_big(); +} From patchwork Tue Dec 3 13:50:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892510 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72A091F1304 for ; Tue, 3 Dec 2024 13:48:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233727; cv=none; b=Tcd7HVi5oSBzB4PjELOVp4wfDuB9yapM7jSN0LzyxOOViJ8S+HQpCAEcaKA4tcDEkICz7AoQ6GUJDdcYqASlEs4sFu5vTZ9YOKWpWzPvCeMbm8sGJjopoMrHPH567hFIICIoUILp2XwBjAd2MnAL8RBKnlMagQwdP9O/j0IdDuM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233727; c=relaxed/simple; bh=Ni0zh2IwTW4Eo4e12gso0nYbquPYytFmeY9s4Da5xao=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qgg3ph2Tk28VRsS9yTTi1W9dWwwaXQs/fcBvhBMbcGyONpx9iNk0dxwDsXrzQvJqYbUGAxvPzDNvBYcRpMytzBxbZPjXO7NqLh+1LB0Qw7YynS5dhW/KFfjh1IFbf+5Q3i/aKDnCjDceJcKCGdwOd1fW2SyoO4vx6LeMi14HKf4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=beQqgbS9; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="beQqgbS9" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5d0d4a2da4dso3586977a12.1 for ; Tue, 03 Dec 2024 05:48:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233723; x=1733838523; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LK8iEwp1R6Eqbfjz8+ERFHqx0nK18yrWJ/XJarhtfQE=; b=beQqgbS9foxAvUdciqg9Ia6ZbQso/KRppbm8zTyYEPn/hXa7bMhDYeSp8//5qvFeAJ JKiyJEBa6DmBpSTaWqEdfr17IvCRdWNHXL+6UREaGpJ2cS6p7KuWhZib/spMqQ6tSKSh KxHnL3xZYZg4XKEB30f6krFBOyZ4OpyPLI3S9u6R56X+czddg6gCbtoeDFfqCTw1YgzD XPLxmNyZ7OLVHiH8E0wOaBCafax4Np8N45vXrgTKKPCdIEIxK1f50shZ3dzBxf3czG/v 0Us0a839sH8Z2xNTmuyCIsQ58KjEv2x37nNQEgD8KcNEKvNNS0CfiQd1l9YyN+bLH6SC 3R/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233723; x=1733838523; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LK8iEwp1R6Eqbfjz8+ERFHqx0nK18yrWJ/XJarhtfQE=; b=EsXm4AntVTXiSIf7QWcQHsxqITr9rufjXU4VYnKK9pEYGSZyB13bbxufFU3qcXH5ua qjUWwq+QdCFsnn3Eooy7vGW5Zm3RSQlw4fX3mPo1yrvkrv+1ffghWbswjO30IMlbRwsB 6Px3iQ6VtrUKdifx2KS48xiCoLXEXjPzwqXc5aZUmo+cPFiRkrGQfT8VayAsiDHQUl5E Sg5zW7jB7l/81wbIDVbuas78Qd6P5JdNwGuQtTgqrbzonfViUzvlZ2+70LlcCKCTiIee 2ibeLwfjobSB4UDSD/GankbMx/fpLRJoowJDS9maSkZeNOOJtJ8l1Oo4hBQVC7pwOaTc rJhw== X-Gm-Message-State: AOJu0YzuGxWYDXZZt5wOHcx/Fj7k5oO+OSx0xrxnLXW3JPjErc6e/U3K vQa7T/33OKMejFJUQ9dbzoQzG4ac/avBLxrhwfz5mLlFMimSueqxYijGa+50di9k++drCdRcfxV p X-Gm-Gg: ASbGncsNaqv8RIZyuTSYmCIYWDLpW75E/+6lzIXjbm4sOn0mJaYK2cZT2tranzUarME 08CDC9IgvPtYaWOv4zeGOu9mZ8Xp2nchhbAosN2D1B+vqg7ddtAobQqB5qmqwkSpRGdh7XFhlV9 dMapPUBugZvXgRNKMcqgYN08YpTOwIsW9gPh701kbVo7T/W2kt3hcOdy54VDZrq9cKoHPgYKsph XvSwygCv6lskuRKFJS5DNqMUVuFK3XGFL2jDlQ0r4W9XF8yZAfAoUPDOuA1sJc= X-Google-Smtp-Source: AGHT+IHppb3RLV+ZQYQMgG0ulnpXb7F0r60cbufB/TrKv1dWX5Am0bUxdbwrs/wCIsgClpuBPXrOoA== X-Received: by 2002:a05:6402:3510:b0:5d0:cca6:2344 with SMTP id 4fb4d7f45d1cf-5d10cb55767mr2416796a12.12.1733233723522; Tue, 03 Dec 2024 05:48:43 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:43 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov , Jiri Olsa Subject: [PATCH v4 bpf-next 6/7] bpf: fix potential error return Date: Tue, 3 Dec 2024 13:50:51 +0000 Message-Id: <20241203135052.3380721-7-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net The bpf_remove_insns() function returns WARN_ON_ONCE(error), where error is a result of bpf_adj_branches(), and thus should be always 0 However, if for any reason it is not 0, then it will be converted to boolean by WARN_ON_ONCE and returned to user space as 1, not an actual error value. Fix this by returning the original err after the WARN check. Signed-off-by: Anton Protopopov Acked-by: Jiri Olsa Acked-by: Andrii Nakryiko --- kernel/bpf/core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index a2327c4fdc8b..8b9711e6da6c 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -539,6 +539,8 @@ struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off, int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt) { + int err; + /* Branch offsets can't overflow when program is shrinking, no need * to call bpf_adj_branches(..., true) here */ @@ -546,7 +548,9 @@ int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt) sizeof(struct bpf_insn) * (prog->len - off - cnt)); prog->len -= cnt; - return WARN_ON_ONCE(bpf_adj_branches(prog, off, off + cnt, off, false)); + err = bpf_adj_branches(prog, off, off + cnt, off, false); + WARN_ON_ONCE(err); + return err; } static void bpf_prog_kallsyms_del_subprogs(struct bpf_prog *fp) From patchwork Tue Dec 3 13:50:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Protopopov X-Patchwork-Id: 13892511 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E9171F12E3 for ; Tue, 3 Dec 2024 13:48:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233728; cv=none; b=UwQbYzNj7Otn1NRV07Z+GrJugC5A1ZMdnTtjswX1G3N567/EMKrsWlQ6T8KL6QYr7PIJ+ESN3yDzbJgKWFT+2k6r7RfxYpCPBiDnEgLvpM5+BY3Ym0c2vVFApXtTTREtEq81LnuUFlw5E17mO6bBXgMfLOrSxhk0C8BGXvOyY4k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733233728; c=relaxed/simple; bh=5M+9sZ2uOISCSb6KW/FXzpjBYHwIs149KFBIoWPdbV4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=dees4EFWKzbpVcJ+VWWJf4Bg6x6xv9+scM9YZdcsHugPgb8vJAeoCmVUBzF8ggh3N6mYNTQP7scZfNLZIEN68fKLvGIoeHiXql03v3D6BAtlRH1WbPaX7i3l/Gl5JXP3cj7lCRz/Ku1rXL1PoVDsCrb+DEa93GhNV4KedZWMbFg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com; spf=pass smtp.mailfrom=isovalent.com; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b=UX/oUB9n; arc=none smtp.client-ip=209.85.221.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=isovalent.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=isovalent.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=isovalent.com header.i=@isovalent.com header.b="UX/oUB9n" Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-385f06d0c8eso1570729f8f.0 for ; Tue, 03 Dec 2024 05:48:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isovalent.com; s=google; t=1733233724; x=1733838524; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=95uLp76JDqCGAntKfWwQIWRGb8VQc95vaaCgVutyp08=; b=UX/oUB9npM+lbSOwGB2xFRmOJ2MiS3dg+qk0BuKDRqoT1ToxJMpRP4+qy+Xs41PbwO kUoLm3RJxC7Kbbw6NBiErASyjdo03dvjviC8/SKjfrU5v2kZE96C8aBa1OXYDL84XuOt ckrqH4C5vBuKzHacqOuGfi3W73z3433fUhtqspBQyw47mTzSlA/QmuIa2DcO0TMmdZSJ Ayc3AYvybhhOYa1IruP6Hr6mkaPE41O1v+Gl2r5qyiKcy76DD2v3hzj3PJTFEonKKhlh MmHYDouvgyncB5+CCuBCpDUaY+ovcNx1gSgiXe52hx3wQf02YF9GctXXf2lK62ihoKMv 1OAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733233724; x=1733838524; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=95uLp76JDqCGAntKfWwQIWRGb8VQc95vaaCgVutyp08=; b=tUmuF0KqRfXcUvPz1o7wa5Ouw8jUkzUL5Zd4lFAr/Uyq/JxYLB+azC0o76QqPfnenI KDsnl+3mpXIV1nwyxwZDyGm+Wu/Dod+F3Tz+ke3oH3upZuFSeM3KsE4mAYlIQgWQVeqn TrUlwEzIftkaHAQ1LfQdAIiwQREj29MCOqW51/d4pN0UfPhFTLYpn7GWSJi+0mMhoGg8 IEgJZ5EmKtnmxpYQeAhQ+9BOX+pLBQypTur9FD3VnocB2iKiPtD+m6z4IlYdb2B8oUtj /28q9++YVwRCHlXob30dpFfogDrU/IQ+EUKZvrRQvb578ebnWuQ0h/zqA99f5ciLizrg OUXg== X-Gm-Message-State: AOJu0YzSj2K8ZavET7YQPS689ObJwqcef7zQc0y5PkQuIsb/uAjEivQ9 C5QT4biyYA0+awmOGVKwGC5Bt9QFHSgZ1/RzqWUCjntlV+2cpyhiXuwFa6pSQQOu+WiLRkw8ECo S X-Gm-Gg: ASbGncvr3NUxQBFpVwCc1BtINoGUbRuSdDBuHcpq0H0kHdZPsX3NcbK04d53cLpLDPL l9pJblY8j48BbPLrAZXFeFY4MM+Su7BM/uiV0N80Ak2v+FC21TWy/fGVf10rSsagA+n/fvYtlWz kP+rRcL9M6TxB0ng8pumctsX6d59vknbxqDCmeqj/h9IfmkHSidcDmJhdljY9Fa31QhOvpZKHNl +Y7XAAOZS0DO1HmFp8NvYPHMFwAh0S7K/Z13Zs2S5aFzsorEDS7ZKZn/H4rEmM= X-Google-Smtp-Source: AGHT+IFruPw6fU165DSoj1vetOUB3CI91wqgARxs2n70XmWwljt+TRZBjH/hjUSlZtgG5t+v/c654A== X-Received: by 2002:a05:6000:440f:b0:385:e3b8:f345 with SMTP id ffacd0b85a97d-385fd3f23f5mr1521787f8f.30.1733233724456; Tue, 03 Dec 2024 05:48:44 -0800 (PST) Received: from localhost.localdomain ([2a04:ee41:4:b2de:1ac0:4dff:fe0f:3782]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d098330dd2sm6243394a12.14.2024.12.03.05.48.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 05:48:43 -0800 (PST) From: Anton Protopopov To: bpf@vger.kernel.org Cc: Anton Protopopov , Eduard Zingerman Subject: [PATCH v4 bpf-next 7/7] selftest/bpf: replace magic constants by macros Date: Tue, 3 Dec 2024 13:50:52 +0000 Message-Id: <20241203135052.3380721-8-aspsk@isovalent.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241203135052.3380721-1-aspsk@isovalent.com> References: <20241203135052.3380721-1-aspsk@isovalent.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Replace magic constants in a BTF structure initialization code by proper macros, as is done in other similar selftests. Signed-off-by: Anton Protopopov Suggested-by: Eduard Zingerman --- tools/testing/selftests/bpf/progs/syscall.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/syscall.c b/tools/testing/selftests/bpf/progs/syscall.c index 0f4dfb770c32..b698cc62a371 100644 --- a/tools/testing/selftests/bpf/progs/syscall.c +++ b/tools/testing/selftests/bpf/progs/syscall.c @@ -76,9 +76,9 @@ static int btf_load(void) .magic = BTF_MAGIC, .version = BTF_VERSION, .hdr_len = sizeof(struct btf_header), - .type_len = sizeof(__u32) * 8, - .str_off = sizeof(__u32) * 8, - .str_len = sizeof(__u32), + .type_len = sizeof(raw_btf.types), + .str_off = offsetof(struct btf_blob, str) - offsetof(struct btf_blob, types), + .str_len = sizeof(raw_btf.str), }, .types = { /* long */